Skip to content

chore: add Cloud SQL samples env vars as secrets#13065

Merged
davidcavazos merged 2 commits intomainfrom
fix-cloud-sql-env-vars
Jan 22, 2025
Merged

chore: add Cloud SQL samples env vars as secrets#13065
davidcavazos merged 2 commits intomainfrom
fix-cloud-sql-env-vars

Conversation

@jackwotherspoon
Copy link
Contributor

@jackwotherspoon jackwotherspoon commented Jan 16, 2025

Add a new secret to store Cloud SQL samples secrets. This secret will be setup as part of the build setup script.

The secret manager secrets live in a project owned by @GoogleCloudPlatform/cloud-sql-connectors who maintain the /cloud-sql samples.

Fixes #12987

@jackwotherspoon jackwotherspoon self-assigned this Jan 16, 2025
@jackwotherspoon jackwotherspoon requested review from a team as code owners January 16, 2025 15:21
ghost
ghost reviewed Jan 16, 2025
View reviewed changes
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi team,

I'm currently reviewing this pull request and will provide my feedback shortly. In the meantime, here's a summary for you and other reviewers to quickly get up to speed:

This pull request, authored by jackwotherspoon, aims to add Cloud SQL samples environment variables as secrets. The primary goal is to improve security by storing sensitive information in a more secure manner.

Here's a breakdown of the changes:

  • Added a new secret: A new secret, python-docs-samples-cloud-sql-secrets, is added to store Cloud SQL samples secrets. This secret is managed by the @GoogleCloudPlatform/cloud-sql-connectors team.
  • Modified run_tests.sh: The run_tests.sh script (.kokoro/tests/run_tests.sh) is updated to source the new Cloud SQL secrets file (testing/cloudsql-samples-secrets.sh). Specifically, lines 111, 116, and 122 were modified to include the new secret file. Lines 214 and 215 were also updated to remove the new secret file after testing.
  • Modified decrypt-secrets.sh: The decrypt-secrets.sh script (in scripts/) is updated to retrieve and store the new Cloud SQL secret. Lines 46-52 were added to accomplish this.

This addresses issue #12987.

And now, a little haiku to lighten the mood:

Secrets safe and sound,
Code runs smoothly, free from fear,
Review now complete.

Thanks,
Gemini

@product-auto-label product-auto-label bot added the samples Issues that are directly related to samples. label Jan 16, 2025
ghost
ghost reviewed Jan 16, 2025
View reviewed changes
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This pull request introduces a new secret to store Cloud SQL samples secrets, which is a positive change for security. The implementation is straightforward and addresses the issue of managing sensitive information effectively. The commit message clearly explains the purpose and context of the changes, and the link to the related issue provides additional context.

@jackwotherspoon jackwotherspoon added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jan 16, 2025
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jan 16, 2025
davidcavazos
davidcavazos approved these changes Jan 16, 2025
View reviewed changes
Copy link

@davidcavazos davidcavazos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Failing tests seem unrelated

@davidcavazos
Copy link

davidcavazos commented Jan 16, 2025

The tests that depend on these new secrets seem to be passing, other failing tests are most likely flaky or currently broken. I think this should be safe to merge.

cloud-sql/mysql/client-side-encryption................................[ SUCCESS]
cloud-sql/mysql/sqlalchemy............................................[ SUCCESS]
cloud-sql/postgres/client-side-encryption.............................[ SUCCESS]
cloud-sql/postgres/sqlalchemy.........................................[ SUCCESS]
cloud-sql/sql-server/client-side-encryption...........................[ SUCCESS]
cloud-sql/sql-server/sqlalchemy.......................................[ SUCCESS]

@glasnt glasnt mentioned this pull request Jan 20, 2025
Merged
@davidcavazos
Copy link

davidcavazos commented Jan 22, 2025

Failing tests are unrelated. SQL tests are passing which means this change is not breaking anything new.

@davidcavazos davidcavazos merged commit e7f0c2a into main Jan 22, 2025
8 of 14 checks passed
@davidcavazos davidcavazos deleted the fix-cloud-sql-env-vars branch January 22, 2025 18:38
glasnt pushed a commit that referenced this pull request Jan 22, 2025
@jackwotherspoon @glasnt
chore: add Cloud SQL samples env vars as secrets (#13065)
f7c3764
@davidcavazos davidcavazos mentioned this pull request Jan 27, 2025
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dandhlee dandhlee dandhlee approved these changes

+2 more reviewers

@davidcavazos davidcavazos davidcavazos approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jackwotherspoon jackwotherspoon

Labels

samples Issues that are directly related to samples.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cloud SQL tests are failing with key errors for environment variables

4 participants

@jackwotherspoon @davidcavazos @dandhlee @kokoro-team